ActiveState

Information Security Analyst

full-time

Origin: 🇨🇦 Canada


Salary

💰 $75,000 - $100,000 per year

Job Level

Mid-Level, Senior

Tech Stack

Cloud, Cyber Security, Open Source, Python, SDLC

About the role

  • Assist in managing the cross-functional InfoSec Squad to maintain and enhance compliance management and to continually monitor, assess and strengthen ActiveState’s security posture.
  • Collaborate with Product, Engineering, and Business teams to embed security into systems and processes, ensuring compliance with secure development frameworks and driving continuous security improvements.
  • Assist in implementing and maintaining information security policies, standards and guidelines for data governance, privacy, and access controls and leading audits as required.
  • Assist in maintaining SOC 2 Type 2 compliance and achieving additional certifications, ensuring alignment with evolving industry regulations and frameworks (e.g., ISO 27001, NIST, GDPR, HIPAA, PCI-DSS), while staying ahead of evolving standards and continuously strengthening the overall security posture.
  • Assist in risk assessments, vulnerability management, and incident response, including 24/7 monitoring, alert triage, initial investigations, and maintaining detailed records of these along with remediation efforts.
  • Facilitate and support the execution of SAST, DAST, penetration testing, and other industry-leading security assessments to achieve organizational security objectives.
  • Support the evaluation and management of third-party vendors to ensure they meet compliance and certification requirements.
  • Coordinate and support security awareness and training programs to strengthen the security culture across the organization.
  • Coordinate responses to security questionnaires with internal and external parties.
  • Stay current with emerging threats, vulnerabilities, and security technologies.
  • Contribute to security reporting and metrics to inform leadership decisions and drive continuous improvement efforts.
  • Assist in configuring and maintaining security tools and systems, such as SIEM platforms and endpoint protection solutions, to ensure optimal performance and coverage.
  • Perform daily reviews of CVEs and other vulnerability data related to our product offerings and produce the reports our teams need to act on them, including VEX documents, the risk register, etc.

Requirements

  • Bachelor’s degree in Computer Science/Information Technology, or equivalent through specialized coursework and/or training.
  • Recent graduate in a relevant field with up to 3 years of experience, or demonstrated knowledge of information security frameworks and methodologies, with a desire to learn about security research.
  • Currently pursuing or have obtained a relevant security certification (e.g., CompTIA Security+, CEH).
  • Basic understanding of the software development lifecycle (SDLC), including concepts like CI/CD pipelines.
  • Familiarity with GDPR is a plus.
  • Experience with SOC 2 is a plus.
  • Knowledge of theory and principles within a professional IT discipline and basic cybersecurity practices (e.g., familiarity with industry standards such as ITIL).
  • A foundational understanding of IT and cloud environments.
  • An eagerness to learn how to translate technical security risks into business impact.
  • Interest in or some experience with scripting and programming (Python is a plus).
  • Good written and verbal communication skills.
  • A genuine passion for open-source software and a commitment to security.
  • The ability to work independently and manage your time effectively.